08-16-2017 10:59 AM - edited 03-12-2019 02:49 AM
Does anyone knows, why Cisco ASA ASDM in monitor routes shows a route but in Configuration--> static routes doesnt show this route.
please help. Even in show running-config, doesnt shows this route.
Thanks
08-16-2017 03:15 PM
yes, let me see if i can turn off the vpn and make the change for this packet tracer, do you know if i can have redundancy betwen vpn´s?
08-16-2017 03:18 PM
Yes you can, you will just need to add some additional configuration on both devices. On this specific device, you just need to add the crypto map on the new interface.
Mike.
08-16-2017 03:40 PM
Ok thanks Maykol, by the way, when the VPN is down due to the priority change the interface Axtel, doesnt answer anymore. I only have to wait to turn off the vpn and do the packet tracer to send you.
08-16-2017 03:43 PM
Sonuds good. When you do that change, can you also add a route for the VPN peer through Axtel?
Route axtel <vpn_peer> 255.255.255.255 187.162.87.97
Mike.
08-16-2017 03:46 PM
it is normal ? that if Axtel is not the main ISP cannot answer the interface?
this route: Route axtel <vpn_peer> 255.255.255.255 187.162.87.97 is for?
08-16-2017 03:50 PM
Yes.
The route is to force the VPN to be established through the Axtel.
Mike.
08-16-2017 03:55 PM
This is my routing table, so at this point i can change the distance of the routes and make outside my main ISP ?
08-16-2017 04:04 PM
Yup, go ahead.
Mike.
08-16-2017 04:08 PM
and the vpn will still up with this change?
08-16-2017 04:10 PM
It should, yes.
Mike.
08-16-2017 04:14 PM
i will test this, and i will let you know.
Thanks Maykol
08-17-2017 07:32 AM
Hello maykol, now everything its working,
Thank you so much
08-17-2017 11:45 AM
Awesome news. Glad it works.
Saludos.
08-17-2017 08:07 AM
Hello Maykol
Do you have these commands, for vpn redundancy ?
Thanks
08-17-2017 11:44 AM
Sure. On your ASA, you need to apply the same crypto map on the new interface:
crypto map <name> interface outside
crypto map <name> interface outside
And on the other side, you need to configure the new peer on the crypto map:
crypto map <name> set peer <asa_new_ip>.
Mike.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide